World IPv6 Day: Final Look and “Wagon’s Ho!”

After reflecting on the data from IPv6 day, the phrase the best comes to mind is: “Wagon’s Ho!” It’s going to be a long hard slog to IPv6-Land. Yesterday’s IPv6 flag day looks to have been a success. After a decade of implementation work by the infrastructure vendors in building towards IPv4 functional parity, combined with the months of preparation by the content and service providers in constructing the routing and namespace frameworks, IPv6 day came off successfully. For a 24 hour period starting at midnight UTC, anyone with IPv6 access connectivity could get to some of the largest content providers’ data through their v6 stacks. With six of our customers’ help, we were able to get a glimpse into some of the details of the day.

For a bright 24 hour period, shown in Figure 1, the IPv6 network looked a little bit more like its IPv4 big brother. As we have shown in some of our previous posts, the traffic mix for the IPv6 network could be best described as flotsam and jetsam: encrypted file transfers, peer to peer traffic, and experimental protocols. However, during yesterday’s v6 day the mix was dominated with web traffic. The proportion of web traffic grew during the day up until the midnight cutoff point where some of the major content providers withdrew their namespace support. At midnight UTC the web traffic falls off the cliff and the traffic mix returns to its pre-v6-day chatter.

Figure 2. Percentage of IPv6 traffic of all Internet traffic in our six carrier partners.

The good news shown in Figure 2 is that IPv6 traffic roughly doubled during the v6-day period. However, doubling a fraction of a percent, is still a fraction of a percent. These datasets correlate anecdotally with those from a lot of providers that we’ve talked with at our customer summit this week in Amsterdam. Combined with the results shown in Figure 3, they lead us to think more about the access side of the Internet. Even with a quad-A record in their DNS response, we just didn’t see Internet clients switching over in mass to the IPv6 content servers. It’s not surprising when you think about the level of indirection almost all subscriber side internet connections use. Unless you plug your home PC directly into the cable/dsl modem (another potential point for v4/v6 breakage), you probably have at least a mediating DNS caching device (home router or wireless basestation) that may not elegantly switch back and forth from v4 to v6. The inertia and complexity of changing this element of the Internet is massive.

Again, I’m left thinking of a Wagon train metaphor. Yesterday was the start of a long road that will take us to IPv6-land. It will pass through the more efficient use of IPv4 address space due to market forces; the operational pressures to not run two separate networks that need debugging and maintenance; and the not insignificant security threats introduced by the incredible complexity and new boundary conditions of the juncture of v4 and v6 networks. I have no doubt that the wagons will eventually get there, but it will not be easy.

[…] or security issues during the 24-hour worldwide test. The not-so-good news is that IPv6 traffic barely peaked above a quarter of one percent of total Internet traffic across six participating carrier networks. The low traffic numbers may give false hope to companies […]

[…] the ratio of IPv6 to IPv4 traffic in the global Internet is still very small (See “World IPv6 Day: Final Look and â€œWagonâ€™s Ho!â€). I have a theory about what will trigger significant deployment of IPv6 on the global Internet, […]

Subscribe to this blog

First Name*

Last Name*

Company*

Email*

Email

This field is for validation purposes and should be left unchanged.

Asert

Arbor’s Security Engineering & Response Team (ASERT) delivers world-class network security research and analysis for the benefit of today’s enterprise and network operators. ASERT engineers and researchers are part of an elite group of institutions that are referred to as ‘super remediators’ and represent the best in information security. ASERT has both visibility and remediation capabilities at nearly every tier one operator and a majority of service provider networks globally.

ASERT shares operationally viable intelligence with hundreds of international Computer Emergency Response Teams (CERTs) and with thousands of network operators via in-band security content feeds. ASERT also operates the world’s largest distributed honeynet, actively monitoring Internet threats around the clock and around the globe.

Arbor Networks has collaborated with Jigsaw (formerly Google Ideas) to create a data visualization that shows how Distributed Denial of Service (DDoS) attacks have become a global problem. The data is updated daily from Arbor’s global network of sensors and can be viewed at www.digitalattackmap.com